[aklug] KRACK attack on WiFi at the protocol level (*all* clients affected)
Royce Williams
royce at tycho.org
Mon Oct 16 07:39:56 AKDT 2017
Good question. That is my current (limited) understanding, yes.
On Mon, Oct 16, 2017 at 7:37 AM, Christopher Howard
<christopher at alaskasi.com> wrote:
> Does the server/router side stuff needs to be patched as well? I saw a
> hostapd security patch in master branch of the librecmc git repo this
> morning, so I patched my router. But am wondering about all the dd-
> wrt/open-wrt routers out there that perhaps never get security
> updates...
>
> On Mon, 2017-10-16 at 06:23 -0800, Royce Williams wrote:
>> Flaw with the protocol itself - so *anything* speaking Wi-Fi will
>> need
>> to be patched, including the long tail of legacy, EOL, and cheap IoT
>> gear that will likely never be patched. Assume all Wi-Fi networks are
>> observable until then (core mitigations is to use a VPN). Long term,
>> recommend adding to RFPs for any gear (not just wireless) to ensure
>> updates for X period of time.
>>
>> Main announcement:
>> https://www.krackattacks.com/
>>
>> Paper with background:
>> https://papers.mathyvanhoef.com/ccs2017.pdf
>>
>> I will assemble what I know here:
>> http://www.techsolvency.com/story-so-far/krackattack/
>>
>> Other good meta-threads and summaries, keep an eye on these:
>> https://github.com/kristate/krackinfo
>> https://www.reddit.com/r/sysadmin/comments/76lj5q/this_is_a_core_
>> protocollevel_flaw_in_wpa2_wifi/
>>
>>
>> Per-vendor stuff:
>>
>> Aruba:
>> http://community.arubanetworks.com/t5/Wireless-Access/Core-level-
>> protocol-flaw-in-WPA2/td-p/310038
>> http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-007_FAQ_
>> Rev-1.pdfhttp://www.arubanetworks.com/support-services/security-
>> bulletins/
>>
>> wpa_supplicant:
>> https://w1.fi/cgit/hostap/commit/
>>
>>
>> News:
>>
>> https://arstechnica.com/information-technology/2017/10/severe-flaw-in
>> -wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
>> https://www.alexhudson.com/2017/10/15/wpa2-broken-krack-now/
>>
>>
>> CVEs:
>>
>> CWE-323
>> CVE-2017-13077
>> CVE-2017-13078
>> CVE-2017-13079
>> CVE-2017-13080
>> CVE-2017-13081
>> CVE-2017-13082
>> CVE-2017-13083
>> CVE-2017-13084
>> CVE-2017-13085
>> CVE-2017-13086
>> CVE-2017-13087
>>
>> Royce
>> _______________________________________________
>> aklug mailing list
>> aklug at aklug.org
>> https://lists.aklug.org/mailman/listinfo/aklug
> --
> Christopher Howard
> Enterprise Solutions Manager
> Alaska Satellite Internet
> 3239 La Ree Way
> Fairbanks, Alaska 99709
> 1-888-396-5623
> https://alaskasatelliteinternet.com
> personal web site: https://qlfiles.net
> https://emailselfdefense.fsf.org/en/
>
>
More information about the aklug
mailing list